447b824e5d228a7bb2765e33f860d2bef760a0608c7d00aa88b59f35bf9e1e53[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

447b824e5d228a7bb2765e33f860d2bef760a0608c7d00aa88b59f35bf9e1e53.exe
Size

77KB
MD5

98f5a0e1002a53f613595a683fe4b633
SHA1

e827a643b70d0d25bf16d4982d4883bb83239a89
SHA256

447b824e5d228a7bb2765e33f860d2bef760a0608c7d00aa88b59f35bf9e1e53
SHA512

9610d466f10716cacb2725e3b96489ccd95223ffcb4dae373d12292ba510bb66189d9116f02e7f2d7aedd4d2aa793048f673d00d9c1fc9c39d61ca9c19e219c4
SSDEEP

768:H+pRjzGFVyi9WCtvtt59HbEy/FWBBzkRUWgxALLLLLLLLLLLLLLLLLLLLLLLLLL:Hhvl6y/FWBBzkRx+N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
447b824e5d228a7bb2765e33f860d2bef760a0608c7d00aa88b59f35bf9e1e53.exe

Files

447b824e5d228a7bb2765e33f860d2bef760a0608c7d00aa88b59f35bf9e1e53.exe
.dll windows:6 windows x64 arch:x64

579f52f57e43aa6ff0d07e88af5d0ff5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nsi.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
NtTerminateProcess
RtlNtStatusToDosError
NtWaitForSingleObject
NtDeviceIoControlFile
memset

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateEventA

Exports

Exports

NsiAllocateAndGetPersistentDataWithMaskTable
NsiAllocateAndGetTable
NsiCancelChangeNotification
NsiDeregisterChangeNotification
NsiDeregisterChangeNotificationEx
NsiEnumerateObjectsAllParameters
NsiEnumerateObjectsAllParametersEx
NsiEnumerateObjectsAllPersistentParametersWithMask
NsiFreePersistentDataWithMaskTable
NsiFreeTable
NsiGetAllParameters
NsiGetAllParametersEx
NsiGetAllPersistentParametersWithMask
NsiGetObjectSecurity
NsiGetParameter
NsiGetParameterEx
NsiRegisterChangeNotification
NsiRegisterChangeNotificationEx
NsiRequestChangeNotification
NsiRequestChangeNotificationEx
NsiSetAllParameters
NsiSetAllParametersEx
NsiSetAllPersistentParametersWithMask
NsiSetObjectSecurity
NsiSetParameter
NsiSetParameterEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�V�_
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

579f52f57e43aa6ff0d07e88af5d0ff5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

�V�_ Size: 64KB - Virtual size: 64KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

�V�_
Size: 64KB - Virtual size: 64KB